Hi Ramón González,
Definitely what Tavernt said. Syncope can do the work for you if rightly
setup and configured.
Here are some references:
- To setup a Syncope environment [2]
- To configure a (source) SQL server connector and resource through
Database table or Scripted SQL connector [3] [4] and an Active Directory
(destination) connector and resource [5].
Once configured resources, you have to pull [6] users into Syncope and
define some logic in Java or Groovy (the business rules addressed by
Tavernt), i.e. [7], if you need to make so processing before sending
users to AD resource. While pulling you can automatically assign, in
different ways, users to AD and link Syncope users to SQL server and AD.
Moreover, once users have assigned AD and SQL server resources, at each
change, Syncope takes care of synchronizing entities towards resources.
To have an idea of what a pull task is and how to configure (also
scheduling) it, please take a look at [8].
Thanks also to Tavernt for the precise overview of the whole flow.
Best regards,
Andrea
[1] https://syncope.apache.org/docs/2.1/reference-guide.html#identity-stores
[2]
https://syncope.apache.org/docs/2.1/getting-started#obtain-apache-syncope
[3]
https://syncope.apache.org/docs/2.1/reference-guide.html#connector-bundles
[4] https://connid.atlassian.net/wiki/spaces/BASE/pages/5570562/Database
[5]
https://connid.atlassian.net/wiki/spaces/BASE/pages/360482/Active+Directory+JNDI
[6]
https://syncope.apache.org/docs/2.1/reference-guide.html#provisioning-pull
[7] https://syncope.apache.org/docs/2.1/reference-guide.html#pullactions
[8] https://syncope.apache.org/docs/2.1/reference-guide.html#tasks-pull
Il 26/07/19 09:13, Tavernt Muchenje ha scritto:
Hi RG,
Yes, that’s the role of IdM to provision users/account to downstream
systems (AD in this case).
Apache Syncope can easily be configured to read and pull users from
SQL server DB and apply some business rules before creating the users
in AD.
In addition you can schedule how often you need to check for user
changes in SQL.
Cheers
---
signature_1995866963
Tavernt J. Muchenje (MBA, CCSP, CISSP)
Managing Director | Enterprise Security Architect
I’CURITY SOLUTIONS (PTY) LTD
M: +27 (0)72 727 8371
W: www.icurity.co.za <http://www.icurity.co.za>
BEE: Level 1
*From: *Ramón González <rgonza...@itera.com.do>
*Reply-To: *<user@syncope.apache.org>
*Date: *Friday, 26 July 2019 at 02:32
*To: *<user@syncope.apache.org>
*Subject: *Update user info in Active Directory from SQL Server
Hello,
An HR department uses an app to manage employee info such as manager,
position, phone number, cellphone, birthday, emergency contact, etc.
This info is stored in *SQL Server.*
Is it possible to update user info in *Active Directory (AD)* from SQL
Server?
Right now, user info is updated in SQL Server but is outdated in AD.
Thanks in advance.
Regards,
RG
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member